One Identity Safeguard 2.4 - Release Notes

October 2018

These release notes provide information about the One Identity Safeguard for Privileged Passwords 2.4 release.

About this release

The One Identity Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.

The privileged management software provided with One Identity Safeguard for Privileged Passwords consists of the following modules:

  • One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
  • One Identity for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.

    Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.

  • One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.

One Identity Safeguard for Privileged Passwords Version 2.4 is a minor release with new features and functionality in addition to numerous bug fixes. In this release you will find custom platforms, authentication options, and Safeguard Sessions Appliance join. See New features.

NOTE: For a full list of key features in One Identity Safeguard for Privileged Passwords, see the One Identity Safeguard for Privileged Passwords Administration Guide.

Appliance specifications

The Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.

The One Identity Safeguard for Privileged Passwords 2000 Appliance specifications and power requirements are as follows.

Table 1: Safeguard 2000 Appliance: Feature specifications

| Safeguard for Privileged Passwords 2000 | Feature / Specification |
|---|---|
| Processor | Intel Xeon E3-1275v5 3.60 GHz |
| # of Processors | 1 |
| # of Cores per Processor | 4 |
| L2/L3 Cache | 4 x 256KB L2, 8MB L3 SmartCache |
| Chipset | Intel C236 Chipset |
| DIMMs | DDR4-2400 ECC Unbuffered DIMMs |
| RAM | 32GB |
| Internal HD Controller | LSI MegaRAID SAS 9391-4i 12Gbps SAS3 |
| Disk | 4 x Seagate EC2.5 1TB SAS 512e |
| Availability | TPM 2.0, ECC Memory, Redundant PSU |
| I/O Slots | x16 PCIe 3.0, x8 PCIe 3.0 |
| RAID | RAID10 |
| NIC/LOM | 3 x Intel i210-AT GbE |
| Power Supplies | Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible |
| Fans | 4 x 40mm Counter-rotating, Non-hot-swappable |
| Chassis | 1U Rack |
| Dimensions (HxWxD) | 43 x 437.0 x 597.0 (mm); 1.7 x 17.2 x 23.5 (in) |
| Weight | Max: 46 lbs (20.9 Kg) |
| Miscellaneous | FIPS Compliant Chassis |

Table 2: Safeguard 2000 Appliance: Power requirements

| Requirement | Value |
|---|---|
| Input Voltage | 100-240 Vac |
| Frequency | 50-60Hz |
| Power Consumption (Watts) | 170.9 |
| BTU | 583 |

Appliance LCD and controls

The front panel of the One Identity Safeguard for Privileged Passwords 2000 Appliance contains the following controls for powering on, powering off, and scrolling through the LCD display.

Table 3: Appliance LCD and controls
Control Description

Green check mark button

Use the Green check mark button to start the appliance. Press the Green check mark button for NO more than one second to power on the appliance.

Caution: Once the Safeguard for Privileged Passwords Appliance is booted, DO NOT press and hold the Green check mark button. Holding this button for four or more seconds will cold reset the power of the appliance and may result in damage.

Red X button

Use the Red X button to shut down the appliance. Press and hold the Red X button for four seconds until the LCD displays POWER OFF.

Caution: Once the Safeguard for Privileged Passwords Appliance is booted, DO NOT press and hold the Red X button for more than 13 seconds. This will hard power off the appliance and may result in damage.

Down, up, left and right arrow buttons

When the appliance is running, the LCD home screen displays:

  • Safeguard for Privileged Passwords <version number>

Use the arrow buttons to scroll through the following details:

  • Serial: <appliance serial number>
  • X0: <appliance IP address>
  • X1: <IP address of the sessions module interface>

    If one or more Safeguard Sessions Appliances are joined to Safeguard for Privileged Passwords, X1 is not available in Safeguard for Privileged Passwords.

  • MGMT: <management IP address>
  • MGMT MAC: <media access control address>
  • IPMI: <IP address for IPMI>

New features

Custom platform (770747)

Asset Administrators now have the ability to add a custom platform for use when adding or updating an asset. A custom platform allows Safeguard for Privileged Passwords to connect to and manage password operations on platforms that are not supported by Safeguard for Privileged Passwords out of the box. You can upload a custom platform script file to add support for any system that you want to manage. In this release, only SSH-based custom platforms are supported; other protocols will be added in future releases. To access examples of custom scripts and view commands, visit:

Auditors and Partition Administrators have read only rights to custom platforms. However, Partition Administrators retain the ability to add or remove assets.

Authentication options (765396)

With appropriate administration credentials, you can change the primary and secondary identity and authentication providers for authentication to Safeguard for Privileged Passwords. The feature enables customers to integrate Safeguard for Privileged Passwords with their existing identity and authentication services. For example, a customer can use RADIUS for primary authentication and rely upon their own company policies for functions like 2FA.

Safeguard Sessions Appliance join (770739)

CAUTION: The SPS/SPP join feature in the Safeguard for Privileged Passwords 2.4 release is intended for proof of concept and preview purposes only. This feature should not be used in production.

The Asset Administrator can now join a Safeguard Sessions Appliance with a standalone primary Safeguard for Privileged Passwords Appliance. Once joined, all sessions are recorded via the Safeguard Sessions Appliance and the embedded sessions module for Safeguard for Privileged Passwords is no longer available.

The user initiates the join by connecting to the Safeguard Sessions Appliance over SSH, selecting Join to SPP, and providing the requested information. After the join is complete, the user restarts the desktop client to complete the connection and update settings and entitlement policy details.

Sessions recorded prior to joining the Safeguard Sessions Appliances are available for playback from local storage, in accordance with the permissions of the Safeguard for Privileged Passwords Appliance. Archived sessions are also available for playback.

Once a Safeguard for Privileged Passwords Appliance has been configured to use the Safeguard Sessions Appliance, it can only be reversed by a factory reset of the Safeguard Passwords Appliance or restoring a backup that was taken before the first join of Safeguard for Privileged Sessions (SPS). Either method unjoins the Sessions Appliance and redeploys the Safeguard for Privileged Passwords Appliance sessions module.
